Cisco Router and Security Device Manager

Release Notes for Cisco Router and Security Device Manager 2.4.1


Revised: July 23, 2007 OL-5009-20

These release notes support Cisco Router and Security Device Manager (Cisco SDM) 2.4.1, and Cisco SDM Express 2.4.1. They should be used with the documents listed in the "Related Documentation" section. These release notes are updated as needed.

Cisco SDM 2.4.1 and Cisco SDM Express 2.4.1 are available in seven languages: Chinese (simplified), English, French, German, Italian, Japanese, and Spanish. Installation files for all languages are available on Cisco.com by going to the following link:

http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm

Contents

This document contains the following sections:

Introduction

System Requirements

New and Changed Information

Limitations and Restrictions

Important Notes

Caveats

Related Documentation

Introduction

Cisco SDM is a web-based configuration tool that allows you to configure LAN and WAN interfaces, routing, Network Admission Control (NAC), Network Address Translation (NAT), firewalls, Intrusion Prevention System (IPS), Virtual Private Networks (VPNs), and other features on the router. Cisco SDM 2.4.1 can be installed on a PC, or in router flash, disk, or slot memory. If you have a router listed in the Hardware Supported section, the English edition of Cisco SDM may be preinstalled in router memory, or may be shipped on a CD with the router.

Cisco SDM Express allows you to give a router a basic LAN, WAN, firewall and NAT configuration. The English edition may be installed in router memory.

System Requirements

This section contains Cisco SDM 2.4.1 system requirements.

Memory Requirements

Table 1 shows how much memory is required to support Cisco SDM 2.4.1 and related applications.

Table 1 Cisco SDM Memory Requirements

Application                      Chinese (S)  English  French   German   Italian  Japanese  Spanish
Cisco SDM                        7.86 MB      7.37 MB  7.97 MB  7.89 MB  7.80 MB  7.92 MB   7.83 MB
Cisco SDM Express                2.45 MB      2.33 MB  2.44 MB  2.46 MB  2.44 MB  2.47 MB   2.46 MB
Cisco SDM installed on a PC      8.38 MB      7.89 MB  8.49 MB  8.41 MB  8.33 MB  8.44 MB   8.36 MB
Wireless Management application  1.86 MB      1.86 MB  1.87 MB  1.87 MB  1.87 MB  1.87 MB   1.87 MB


Table 4 lists the files that are included with Cisco SDM, Cisco SDM Express, and the Wireless Management application.

Hardware Supported

This section lists the routers that Cisco SDM supports, by series.


Note: Cisco SDM does not support Telco/CO router models.


Cisco SB100 series:

Cisco SB101

Cisco SB106

Cisco SB107

Cisco 800 series:

Cisco 831

Cisco 836

Cisco 837

Cisco 851

Cisco 857

Cisco 871

Cisco 876

Cisco 877

Cisco 877-M

Cisco 877W-M

Cisco 878

Cisco SDM is supported on the following Cisco 1700 series:

Cisco 1701

Cisco 1710

Cisco 1711

Cisco 1712

Cisco 1721

Cisco 1751

Cisco 1751-v

Cisco 1760

Cisco 1760-v

Cisco 1800 series:

Cisco 1801

Cisco 1801-M

Cisco 1801W-M

Cisco 1802

Cisco 1803

Cisco 1811

Cisco 1812

Cisco 1812W-P

Cisco 1841

Cisco 2600 series:

Cisco 2610XM

Cisco 2611XM

Cisco 2620XM

Cisco 2621XM

Cisco 2650XM

Cisco 2651XM

Cisco 2691

Cisco 2800 series:

Cisco 2801

Cisco 2811

Cisco 2821

Cisco 2851

Cisco 3600 series:

Cisco 3620

Cisco 3640

Cisco 3640A

Cisco 3661

Cisco 3662

Cisco SDM is supported on the following Cisco 3700 series:

Cisco 3725

Cisco 3745

Cisco SDM is supported on the following Cisco 3800 series:

Cisco 3825

Cisco 3845

Cisco SDM is supported on the following Cisco 7000 series:

Cisco 7204VXR

Cisco 7206VXR

Cisco 7301

Supported Adapters, Cards and Network Modules

Network modules:

NM-1E

NM-4E

NM-4T

NM-2W

NM-1E2W

NM-1FE2W

NM-1FE2W-V2

NM-1FE-FX-V2

NM-2E2W

NM-2FE2W

NM-2FE2W-V2

NM-1FE-FX

NM-1FE-TX

NM-4A/S (synchronous only)

NM-8A/S (synchronous only)

NM-CIDS-K9

NM-16ESW

NM-16ESW-1GIG

NM-16ESW-PWR

NM-16ESW-PWR-1GIG

NM-36ESW

NMD-36ESW-2GIG

NMD-36ESW-PWR

NMD-36ESW-PWR-2GIG

Cisco SDM supports only Ethernet configuration on the following network modules:

NM-1E1R2W

NM-1FE1R2W

NM-1FE1CE1U

NM-1FE2CE1B

NM-1FE1CE1B

NM-1FE2CE1U

NM-1FE1CT1

NM-1FE2CT1

NM-1FE1CT1-CSU

NM-1FE2CT1-CSU

EtherSwitch Service Network Modules:

NME-16ES-1G-P

NME-X-23ES-1G-P

NME-XD-24ES-1S-P

NME-XD-48ES-2S-P

WAN interface cards:

WIC-1T

WIC-2T

WIC-2A/S (Frame Relay, PPP, HDLC, no asynchronous)

WIC-1DSU-T1

WIC-1ADSL

WIC-1ENET

WIC-1SHDSL

WIC-1DSU-T1-V2

WIC-1B-S/T

WIC-1B-S/T-V3

WIC-1AM

WIC-2AM

WIC-4ESW

WIC-1SHDSL-V2

WIC-1SHDSL-V3

WIC 1ADSL-DG

WIC 1ADSL-I-DG

High-speed WAN interface cards (HWICs):

HWIC-4T

HWIC-4A/S

HWIC-8A/S-232

HWIC-4ESW

HWICD-9ESW

HWIC-AP-G-X

HWIC-AP-AG-X

HWIC-ADSL-B/ST

HWIC-ADSLI-B/ST

HWIC-1ADSL

HWIC-1ADSLI

HWIC-1ADSL-M

Advanced integration modules (AIMs):

AIM-VPN/BP

AIM-VPN/BP II

AIM-VPN/BPII-PLUS

AIM-VPN/HP

AIM-VPN/HP II

AIM-VPN/HPII-PLUS

AIM-VPN/EP

AIM-VPN/EP II

AIM-VPN/EPII-PLUS

AIM-VPN/SSL-1

AIM-VPN/SSL-2

AIM-VPN/SSL-3

Port adapters on Cisco 7000 family routers:

PA-2FE-TX

PA-2FE-FX

PA-8E

PA-4E

Network Processing Engines and Network Service Engines on Cisco 7000 family routers:

NPE-225

NPE-400

NPE-G1

NPE-G2

NSE-1

Service adapters on Cisco 7000 family routers:

SA-VAM

SA-VAM2

SA-VAM2+

C7200-VSA

Cisco SDM also supports the MOD-1700VPN.

PC System Requirements

Cisco SDM 2.4.1 is designed to run on a personal computer that has a Pentium III or faster processor.

Software Supported

This section describes Cisco SDM 2.4.1 software requirements.

Cisco IOS Releases

Cisco SDM 2.4.1 is compatible with the Cisco IOS releases listed in Table 2.


Note: Cisco SDM 2.4.1 supports the Cisco IOS Intrusion Prevention System (Cisco IOS IPS). In order to be able to use Cisco SDM to configure the Cisco IOS IPS software, the router must run Release 12.3(8)T4 or a later release. Later Cisco IOS releases support additional Cisco IOS IPS functionality. Table 3 lists the Cisco IOS IPS feature history by Cisco IOS release.


Table 2 Cisco SDM-Supported Routers and Cisco IOS Releases 

Cisco SDM-Supported Routers    Cisco SDM-Supported Cisco IOS Releases

Cisco SB101                    12.3(8)YG
Cisco SB106                    12.4(2)T or later releases
Cisco SB107

Cisco 831                      12.2(13)ZH or later releases
Cisco 837                      12.3(2)XA or later releases
                               12.3(2)T or later releases
                               12.4(2)T or later releases

Cisco 836                      12.2(13)ZH or later releases
                               12.3(2)XA or later releases
                               12.3(4)T or later releases
                               12.4(2)T or later releases

Cisco 851                      12.3(8)YI
Cisco 857                      12.4(2)T or later releases

Cisco 871                      12.3(8)YI
Cisco 876                      12.4(2)T or later releases
Cisco 877
Cisco 878

Cisco 1701                     12.2(13)ZH or later releases
                               12.3(2)XA or later releases (Cisco SDM does not support Cisco IOS release 12.3(2)XF.)
                               12.3(4)T or later releases
                               12.4(2)T or later releases

Cisco 877M                     12.4(11)XJ or later
Cisco 877W-M

Cisco 1711                     12.2(15)ZL or later releases
Cisco 1712                     12.3(2)XA or later releases (Cisco SDM does not support Cisco IOS release 12.3(2)XF.)
                               12.4(2)T or later releases

Cisco 1710                     12.2(13)ZH or later releases
Cisco 1721                     12.3(2)XA or later releases (Cisco SDM does not support Cisco IOS release 12.3(2)XF.)
Cisco 1751                     12.2(13)T3 or later releases
Cisco 1751-v                   12.3(2)T or later releases
Cisco 1760                     12.3(1)M or later releases
Cisco 1760-v                   12.2(15)ZJ3 (not available for the Cisco 1710 or Cisco 1721)
                               12.4(2)T or later releases

Cisco 1801M                    12.4(11)XJ or later
Cisco 1801W-M

Cisco 1801                     12.3(8)YI
Cisco 1802                     12.4(2)T or later releases
Cisco 1803
Cisco 1811

Cisco 1812                     12.3(8)YH or later releases
                               12.4(2)T or later releases

Cisco 1812W-P                  12.4(11)XJ or later

Cisco 1841                     12.3(8)T4 or later releases
                               12.4(2)T or later releases

Cisco 2610XM                   12.2(11)T6 or later releases
Cisco 2611XM                   12.3(2)T or later releases
Cisco 2620XM                   12.3(1)M or later releases
Cisco 2621XM                   12.3(4)XD
Cisco 2650XM                   12.2(15)ZJ3
Cisco 2651XM                   12.4(2)T or later releases
Cisco 2691

Cisco 2801                     12.3(8)T4 or later releases
Cisco 2811                     12.4(2)T or later releases
Cisco 2821
Cisco 2851

Cisco 3640                     12.2(11)T6 or later releases
Cisco 3661                     12.3(2)T or later releases
Cisco 3662                     12.3(1)M or later releases
                               12.3(4)XD
                               12.2(15)ZJ3
                               12.4(2)T or later releases

Cisco 3620                     12.2(11)T6 or later releases
                               12.3(1)M or later releases

Cisco 3640A                    12.2(13)T3 or later releases
                               12.3(2)T or later releases
                               12.3(1)M or later releases
                               12.3(4)XD
                               12.2(15)ZJ3
                               12.4(2)T or later releases

Cisco 3725                     12.2(11)T6 or later releases
Cisco 3745                     12.3(2)T or later releases
                               12.3(1)M or later releases
                               12.3(4)XD
                               12.2(15)ZJ3
                               12.4(2)T or later releases

Cisco 3825                     12.3(11)T or later releases
Cisco 3845                     12.4(2)T or later releases

Cisco 7204VXR                  12.3(2)T or later releases
Cisco 7206VXR                  12.3(1)M or later releases
                               12.4(2)T or later releases
                               Cisco SDM does not support B, E, or S train releases on the Cisco 7000 routers.

Cisco 7301                     12.3(2)T or later releases
                               12.3(3)M or later releases
                               12.4(2)T or later releases
                               Cisco SDM does not support B, E, or S train releases on the Cisco 7000 routers.


Table 3 shows the Cisco IOS IPS feature history, and lists the Cisco IOS releases that offered each set of features, beginning with the latest release. This information is available in the Cisco IOS IPS Deployment Guide available at the following link.

http://www.cisco.com/en/US/products/ps6634/prod_white_papers_list.html

Table 3 Feature History of Cisco IOS IPS

Cisco IOS Release   Cisco IOS IPS Features or Improvements

12.4(11)T2          Support for a version-based signature definition format used by Cisco appliance-based IPS products, and the predefined Basic and Advanced signature categories.

12.4(6)T            Session setup rate performance improvements

12.4(3a)/12.4(4)T   String engine memory optimization

12.4(4)T            MULTI-STRING engine support for Trend Labs and Cisco Incident Control System
                    Performance improvements
                    Distributed Threat Mitigation (DTM) support

12.4(2)T            Layer 2 transparent intrusion prevention system (IPS) support

12.3(14)T           Support for three string engines (STRING.TCP, STRING.UDP, and STRING.ICMP)
                    Support for two new local shunning event actions: denyAttackerInline and denyFlowInline

12.3(8)T            Support for Security Device Event Exchange (SDEE) protocol
                    Support for ATOMIC.IP, ATOMIC.ICMP, ATOMIC.IPOPTIONS, ATOMIC.UDP, ATOMIC.TCP, SERVICE.DNS, SERVICE.RPC, SERVICE.SMTP, SERVICE.HTTP, SERVICE.FTP, and OTHER engines


Determining the Cisco IOS Release

To determine the release of Cisco IOS software currently running on your Cisco router, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the Cisco IOS release on the second output line:

Router> show version 
Cisco Internetwork Operating System Software 
IOS (tm) C1700 Software (c1700-k8sv3y7-mz) Version 12.2(13)ZH 

Web Browser Versions and Java Runtime Environment Versions

Cisco SDM 2.4.1 can be used with the following browsers:

Firefox 1.0.6 and later versions

Internet Explorer 5.5 and later versions

Netscape 7.1 and 7.2

Cisco SDM 2.4.1 requires Sun Java Runtime Environment (JRE). The following versions are supported:

JRE 1.5_09

JRE 1.4.2_08

JRE 1.5.0_06

JRE 1.5.0_07

Although the Cisco SDM application requires JRE to run, the Cisco SDM Express application included with Cisco SDM can run under the native Java Virtual Machine in the supported browsers, and also under JRE.

PC Operating System Versions

The English edition of Cisco SDM 2.4.1 supports operation on the following operating systems:

Microsoft Windows XP Professional

Microsoft Windows 2003 Server (Standard Edition)

Microsoft Windows 2000 Professional with Service Pack 4


Note: Windows 2000 Advanced Server is not supported.


Localized editions of Cisco SDM 2.4.1 can be run on the English edition of these operating systems by going to Start > Control Panel > Regional and Language Options, and changing the settings to values compatible with the edition of Cisco SDM that you are running. For more information, refer to the document Running Non English Editions of SDM on English-Language Operating Systems available at the same link.

Localized editions of Cisco SDM 2.4.1 support operation on the following localized operating systems:

Microsoft Windows XP Professional with Service Pack 2 or later

Microsoft Windows 2000 Professional with Service Pack 4 or later

New and Changed Information

This section contains information that is new or changed since the previous version.

New Hardware Supported in Cisco SDM 2.4.1

Cisco SDM 2.4.1 supports the following new hardware:

Cisco 877-M

Cisco 877W-M

Cisco 1801-M

Cisco 1801W-M

Cisco 1812W-P

HWIC-1ADSL-M

New Features Supported in Cisco SDM 2.4.1

Cisco SDM 2.4.1 supports all the features available in Cisco SDM 2.4. It is available in the following language editions:

Chinese (simplified) edition—available in the file SDM-V241-zh.zip

English edition—available in the file SDM-V241.zip

French edition—available in the file SDM-V241-fr.zip

German edition—available in the file SDM-V241-de.zip

Italian edition—available in the file SDM-V241-it.zip

Japanese edition—available in the file SDM-V241-ja.zip

Spanish edition—available in the file SDM-V241-es.zip

All editions of Cisco SDM are available on Cisco.com by going to the following link:

http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm

Cisco SDM Files

This section describes the files used in Cisco SDM 2.4.1. Table 4 lists the name and description of each file. Table 5 lists the file sizes according to language.

Table 4 Cisco SDM File Descriptions 

Filename                           Description

common.tar                         Cisco SDM and Cisco SDM Express support file
es.tar                             Cisco SDM Express application file
home.shtml                         Cisco SDM and Cisco SDM Express support file
home.tar                           Cisco SDM and Cisco SDM Express support file
sdmconfig-modelnum.cfg             Default configuration file
(for example, sdmconfig-180x.cfg)
sdm.tar                            Cisco SDM application file
sdmips.sdf                         File created when Cisco SDM is used to modify Cisco IOS IPS signatures.
securedesktop-ios-3.1.1.45-k9.pkg  Cisco Secure Desktop client software for SSL VPN clients.
sslclient-win-1.1.3.173.pkg        Full tunnel client software for SSL VPN clients
wlanui.tar                         Wireless Management Application
128MB.sdf                          Signature Definition File (SDF) used by Cisco IOS IPS
256MB.sdf                          Signature Definition File (SDF) used by Cisco IOS IPS


Table 5 Cisco SDM File Sizes by Language Edition

File Name                          Chinese (S)    English        French         German         Italian        Japanese       Spanish

common.tar                         1.40 MB        1.40 MB        1.41 MB        1.41 MB        1.41 MB        1.41 MB        1.41 MB
es.tar                             954 KB         841 KB         946 KB         969 KB         944 KB         981 KB         969 KB
home.shtml                         1.09 KB        1.01 KB        1.12 KB        1.09 KB        1.11 KB        1.13 KB        1.11 KB
home.tar                           110 KB         110 KB         111 KB         112 KB         111 KB         111 KB         111 KB
sdmconfig-mdlnum.cfg               1.17-2.42 KB   1.17-2.42 KB   1.17-2.42 KB   1.17-2.42 KB   1.17-2.42 KB   1.17-2.42 KB   1.17-2.42 KB
(for example, sdmconfig-180x.cfg)
sdm.tar                            6.34 MB        5.85 MB        6.45 MB        6.37 MB        6.28 MB        6.40 MB        6.31 MB
sdm.ips                            variable size  variable size  variable size  variable size  variable size  variable size  variable size
securedesktop-ios-3.1.1.45-k9.pkg  1.61 MB        1.61 MB        1.61 MB        1.61 MB        1.61 MB        1.61 MB        1.61 MB
sslclient-win-1.1.3.173.pkg        406 KB         406 KB         406 KB         406 KB         406 KB         406 KB         406 KB
wlanui.tar                         1.86 MB        1.86 MB        1.87 MB        1.87 MB        1.87 MB        1.87 MB        1.87 MB
128MB.sdf                          515 KB         515 KB         515 KB         515 KB         515 KB         515 KB         515 KB
256MB.sdf                          775 KB         775 KB         775 KB         775 KB         775 KB         775 KB         775 KB


Installation Notes

This section contains important information regarding installation and upgrades to Cisco SDM 2.4.1.

Cisco 1700 Routers Running Cisco ITS/Cisco CallManager Express and Cisco IOS Release 12.2(13)T

If you are installing Cisco SDM 2.4.1 on a router that already has the Internet Telephony Service (ITS) or Cisco CallManager Express application installed in flash memory, you may exceed the number of files allowed in flash memory by installing Cisco SDM 2.4.1. Cisco 1700 routers using Cisco IOS Release 12.2(13)T cannot have more than 32 files in flash memory.

Before installing Cisco SDM 2.4.1, you must delete any unneeded files from flash memory. If no files can be deleted, do not install it on the router.

Downloading Cisco SDM from Cisco.com and Installing It on the Router

If Cisco SDM 2.4.1 is not currently installed on the router, see Downloading and Installing Cisco Router and Security Device Manager to learn how to download Cisco SDM from Cisco.com and install it on the router. To obtain this document, go to the following URL:

http://www.cisco.com/go/sdm

In the Support box, click Install and Upgrade. Then click Install and Upgrade Guides > Downloading and Installing Cisco Router and Security Device Manager.

Upgrading to a New Cisco SDM Version

If a version of Cisco SDM later than version 1.0 is already installed on the router, use the Cisco SDM automatic update feature to install the latest files on the router. Cisco SDM automatically checks Cisco.com for more recent versions of Cisco SDM, downloads them to your PC, removes the old Cisco SDM files from memory, runs the squeeze flash: command if necessary, and copies the latest files to the router. The update feature is available from the Tools menu. Choose Tools > Update SDM > From Cisco.com.

If you are currently using Cisco SDM 1.0, you must download the file SDM-Vnn.zip at the following URL:

http://www.cisco.com/cgi-bin/tablebuild.pl/sdm

See Downloading and Installing Cisco Router and Security Device Manager (SDM) to learn how to install SDM and all related files on the router at the following URL:

http://www.cisco.com/go/sdm

In the Support box, click Install and Upgrade. Then click Install and Upgrade Guides > Downloading and Installing Cisco Router and Security Device Manager.

Uninstalling Cisco SDM Files

If you want to remove Cisco SDM from flash memory or from a router disk file system, you can do so by logging onto the router and completing the following steps in EXEC mode:


Step 1 Change to the directory in which the Cisco SDM files are located.

If the router has a flash file system, use the following command:

router# cd flash:

If the router has a disk file system, use the following command:

router# cd diskN

Replace N with the actual number of the disk. Use the slot keyword instead of the disk keyword if necessary.

Step 2 Use the delete command to remove the Cisco SDM files. The example below deletes the file sdm.tar:

router# delete sdm.tar
Delete filename [sdm.tar]?
Delete flash:sdm.tar? [confirm]

Press Return to confirm the deletion.

Step 3 Use the delete command to remove the remaining Cisco SDM files. The "Cisco SDM Files" section lists the files used.

Step 4 Reclaim memory space by using the squeeze flash: command:

router# squeeze flash:

It is not necessary to use the squeeze flash: command on DOS-based file systems.


Cisco SDM version 2.1 or later can be installed on your PC. To remove Cisco SDM from your PC, complete the following steps:


Step 1 Click Start > Program > Cisco Systems > Cisco SDM > Uninstall to launch the Uninstall program.

Step 2 When the message "Do you want to remove the selected applications and all of its features?" appears, click Yes.

Step 3 When the Uninstallation Complete screen is displayed, click Finish.


Limitations and Restrictions

This section describes restrictions and limitations that may apply to Cisco SDM.

Cisco SDM Minimum Screen Resolution

Cisco SDM requires a screen resolution of at least 1024 x 768.

Restrictions for Cisco 7204VXR, Cisco 7206VXR, and Cisco 7301 Routers

The following restrictions apply to Cisco SDM running on Cisco 7204VXR, Cisco 7206VXR, and Cisco 7301 Routers:

The Cisco SDM Express application is not supported. You must use the Cisco IOS CLI to give the router an initial configuration that will enable you to connect to the router using a browser.

WAN configuration is not supported. Cisco SDM supports configuration of Ethernet and Fast Ethernet interfaces.

The Cisco SDM Reset feature is not available.

No SDM-default configuration file is supplied. To run Cisco SDM, you must provide a configuration that includes the commands necessary to support operation of Cisco SDM.

The document Cisco Router and Security Device Manager (SDM) User Guide for the Cisco 7200 VXR and Cisco 7301 Routers describes how to give the router a configuration that supports Cisco SDM and how to start Cisco SDM on Cisco 7000 Family routers.

Important Notes

This section contains important information for Cisco SDM. It contains the following sections:

Cisco SDM May Not Operate with Custom Configuration File

Cisco SDM Merge and Replace Configuration Functions Fail Under Some Conditions

Cisco SDM Security Dashboard May Display Threats Unrelated to Your Cisco IOS IPS Installation

Cisco SDM May not Launch Using IP Address of SSL VPN Gateway

Cisco SDM IPS User Guide Discontinued for Cisco SDM 2.2

Cisco SDM May Lose Connection to Network Access Device

Cisco SDM on PC May Not Launch under Windows XP with Service Pack 2

Popup Blockers Disable Cisco SDM Online Help

Disable Proxy Settings

Routers Shipped with Cisco SDM Do Not Execute the Standard Cisco IOS Startup Sequence

Unable to Perform "squeeze flash:" Operation

Security Alert Dialog May Remain After Cisco SDM Launches

Cisco SDM May Not Operate with Custom Configuration File

If you load a custom configuration file on the router using Cisco Configuration Express or any other process, you may remove Command Line Interface (CLI) commands that Cisco SDM operation requires and prevent it from operating. Cisco SDM requires the following basic configuration in order to connect to the router and manage it.

An http or https server must be enabled with local authentication.

A local user account with privilege level 15 and accompanying password must be configured.

Vty line with protocol ssh/telnet must be enabled with local authentication. This is needed for interactive commands.

An http timeout policy must be configured with the parameters shown in the following example to avoid a known launch issue with SDM.

The PC on which SDM is to run and the interface through which SDM will be launched must be configured with IP addresses from the same subnet.

The following example shows a configuration that contains the CLI commands Cisco SDM requires in order to operate.

hostname yourname
!
logging buffered 51200 warnings
!
username cisco privilege 15 secret 0 cisco
!
ip domain-name yourdomain.com
!
! The PC must be on the same subnet as this interface.
interface FastEthernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-10/100 Ethernet$
 ip address 10.10.10.1 255.255.255.248
 no shutdown
!
ip http server
ip http secure-server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
! On each vty range, a later transport input line replaces an earlier one.
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
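
The requirements listed above can be checked against a saved copy of the running configuration before a custom configuration file is loaded. The Python below is an added example, not part of Cisco SDM or of these release notes. It reports which of the listed prerequisites are missing and separately flags the cleartext and default-credential settings that the sample configuration carries. The function names, the sdmadmin account name, and the tightened variant are assumptions made for the example.

```python
import ipaddress
import re

REQUIRED_TIMEOUT = "ip http timeout-policy idle 60 life 86400 requests 10000"

# Constructed sample: the page's example configuration, shortened to one vty range.
PAGE_CONFIG = """\
username cisco privilege 15 secret 0 cisco
interface FastEthernet0
 ip address 10.10.10.1 255.255.255.248
 no shutdown
!
ip http server
ip http secure-server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
"""

# Constructed variant (an assumption, not from the page): HTTPS and SSH only,
# a hypothetical account name and a placeholder where a hashed secret would go.
TIGHTENED_CONFIG = (
    PAGE_CONFIG.replace("ip http server\n", "")
    .replace(" transport input telnet\n transport input telnet ssh\n", " transport input ssh\n")
    .replace("secret 0 cisco", "secret 5 <hash-placeholder>")
    .replace("username cisco", "username sdmadmin")
)


def split_config(text):
    """Return (global_lines, sections). A section starts at an 'interface' or
    'line' header and ends at the next '!' or header, as in show running-config."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("!"):
            current = None
        elif line.startswith(("interface ", "line ")):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, sections


def audit(text, pc_ip):
    """Check the prerequisites listed above; collect cleartext/default warnings."""
    glob, sections = split_config(text)
    missing, warnings = [], []
    if "ip http server" not in glob and "ip http secure-server" not in glob:
        missing.append("http or https server")
    if "ip http authentication local" not in glob:
        missing.append("http local authentication")
    if REQUIRED_TIMEOUT not in glob:
        missing.append("http timeout-policy")
    if "ip http server" in glob:
        warnings.append("ip http server: management over cleartext HTTP")

    user_re = re.compile(r"username (\S+) privilege 15 (?:secret|password) (?:(\d) )?(\S+)")
    users = [m for m in map(user_re.match, glob) if m]
    if not users:
        missing.append("privilege 15 local user")
    for name, kind, value in (m.groups() for m in users):
        if kind in (None, "0") and value == name:   # type 0: cleartext follows
            warnings.append(f"username {name}: password is the same as the username")

    vty_ok = False
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        transports = set()
        for line in body:
            if line.startswith("transport input "):
                transports = set(line.split()[2:])   # a later line replaces an earlier one
        if "login local" in body and transports & {"ssh", "telnet"}:
            vty_ok = True
        if "telnet" in transports:
            warnings.append(f"{header}: telnet permitted (cleartext session)")
    if not vty_ok:
        missing.append("vty line with ssh/telnet and local login")

    pc, nets = ipaddress.ip_address(pc_ip), []
    for body in sections.values():
        for m in filter(None, (re.match(r"ip address (\S+) (\S+)$", ln) for ln in body)):
            try:
                nets.append(ipaddress.ip_interface("/".join(m.groups())).network)
            except ValueError:   # e.g. DHCP forms of the command
                pass
    if not any(pc in net for net in nets):
        missing.append("PC on same subnet as a router interface")
    return {"missing": missing, "warnings": warnings}
```

Calling audit(PAGE_CONFIG, "10.10.10.2") returns no missing prerequisites and three warnings; the tightened variant still satisfies the list above because it accepts either http or https and either ssh or telnet.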

Cisco SDM Merge and Replace Configuration Functions Fail Under Some Conditions

If you attempt to merge configuration changes made using the Cisco SDM Config Editor feature, or replace the running configuration with a configuration from the Config Editor, the router configuration will not be changed if there is a network device with a Network Address Translation (NAT) IP address, or a cache engine in the connection between the PC and the router. If you need to make changes to the router configuration that you would normally make using the Cisco SDM Config Editor, use the Cisco IOS CLI instead. This is caveat CSCsj21989.

Cisco SDM Security Dashboard May Display Threats Unrelated to Your Cisco IOS IPS Installation

Some (or all) of the top threats you obtain using the Cisco SDM Security Dashboard may not pertain to your Cisco IOS IPS installation. After you deploy the signatures applicable to the top threats displayed by the Cisco SDM Security Dashboard, the dashboard may still display some (or all) top threats with a red icon because applicable signatures could not be found. Those remaining top threats are unrelated to your Cisco IOS IPS installation and not a danger to your router running Cisco IOS software.

Cisco SDM May not Launch Using IP Address of SSL VPN Gateway

This note provides more information about the caveat CSCek33306. When Cisco SDM attempts to connect to a router with an SSL VPN gateway configured using the Cisco IOS CLI, it might not launch from the IP address used by that gateway if the CLI statements necessary for Cisco SDM access are not included.

For example, if you have configured an SSL VPN connection on the interface Fe 0/0 with the gateway IP address 10.10.10.1, and the gateway name MySSLVPN, you may not be able to launch Cisco SDM using that IP address.

To be able to launch Cisco SDM using that IP address, add the following Cisco IOS CLI commands:

Router# config t
Router(config)# interface loopback next-available-loopback-number
Router(config-if)# description Do not delete - SDM SSLVPN generated interface
Router(config-if)# ip address 192.168.1.1 255.255.255.252
Router(config-if)# no shutdown
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# ip nat inside source static tcp 192.168.1.1 443 10.10.10.1 4443
Router(config)# webvpn gateway MySSLVPN
Router(config-webvpn-gateway)# http-redirect port 80
Router(config-webvpn-gateway)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip nat outside
Router(config-if)# exit

After adding these commands, you can launch Cisco SDM by entering the following IP address and port in the browser:

https://10.10.10.1:4443

If you remove the SSL VPN gateway that was modified for Cisco SDM access, you must remove the loopback interface and NAT rule that you created to allow access in the first place. Enter the commands shown in the description of caveat CSCek38259.

Cisco SDM IPS User Guide Discontinued for Cisco SDM 2.2

The Cisco SDM IPS application has been merged with Cisco SDM 2.2. Instructions for using IPS are included in the Cisco Router and Security Device Manager Version 2.2 User's Guide and later versions of the user's guide. No Cisco SDM IPS User's Guide has been published for this release.

Cisco SDM May Lose Connection to Network Access Device

This note concerns the NAC feature.

If the PC used to invoke Cisco SDM returns a posture state (Healthy, Infected, Checkup, Quarantine, or Unknown) and if the group policy on the ACS server attached to the posture token assigned to the PC has a redirect URL configured, the connection between Cisco SDM and the router acting as the Network Access Device (NAD) may be lost. The same problem can occur if an exception list entry attached to a policy with a redirect URL is configured with the IP address or MAC address of the PC.

If you try to reinvoke Cisco SDM from this PC, you will not be able to do so because the browser will be redirected to the location specified in the redirect URL.

There are two workarounds for this problem:

Ensure that the PC that you use to invoke Cisco SDM attains a posture token which has an associated group policy on the ACS server that is not configured with a redirect URL.

Alternatively, use Cisco SDM to create a NAC exception list entry with the IP address or MAC address of the PC you use to invoke Cisco SDM. Note that the exception list entry created for the PC should be associated to an exception policy which does not have a redirect URL configured in it.

For more information, see the links in the Cisco SDM NAC online help pages.

Cisco SDM on PC May Not Launch under Windows XP with Service Pack 2

When Cisco SDM is installed on a PC running Windows XP with Service Pack 2, Internet Explorer may display HTML source code when you attempt to launch Cisco SDM. To fix this problem, go to Tools > Internet Options > Advanced. Then scroll to the Security section, check Allow active content to run in files on my computer, and click Apply. Then relaunch Cisco SDM.

Popup Blockers Disable Cisco SDM Online Help

If you have enabled popup blockers in the browser you use to run Cisco SDM, online help will not appear when you click the help button. To prevent this from happening, you must disable the popup blocker when you run Cisco SDM. Popup blockers may be enabled in search engine toolbars, or may be standalone applications integrated with the web browser.

Microsoft Windows XP with Service Pack 2 blocks popups by default. In order to turn off popup blocking in Internet Explorer, go to Tools > Pop-up Blocker > Turn Off Pop-up Blocker.

If you have not installed and enabled third-party pop-up blockers, go to Tools > Internet Options > Privacy, and uncheck the Block popups checkbox.

In Firefox 1.5 and later versions, click Tools > Options > Content. Uncheck Block pop-up windows.

Disable Proxy Settings

Cisco SDM will not start when run under Internet Explorer with proxy settings enabled. To correct this problem, choose Internet Options from the Tools menu, click the Connections tab, and then click the LAN settings button. In the LAN Settings window, disable the proxy settings.

Routers Shipped with Cisco SDM Do Not Execute the Standard Cisco IOS Startup Sequence

Because a default configuration file is provided on a router shipped with Cisco SDM, the router will not execute the standard Cisco IOS startup sequence. If you are expecting to use the Cisco IOS setup utility, a TFTP/BOOTP configuration download, or other features available through the standard Cisco IOS startup, you will need to erase the configuration file.

To erase the existing configuration and take advantage of the Cisco IOS startup sequence, perform the following steps. This will leave Cisco SDM on the router if you later decide you want to use it, but you will need to configure the router manually before you can begin using Cisco SDM. See the router quick start guide and the SDM FAQ for information about the minimum configuration required for using Cisco SDM. This document is available at:

http://www.cisco.com/go/sdm


Step 1 Connect the light blue console cable, included with the router, from the blue console port on the router to a serial port on your PC. See the router hardware installation guide for instructions.

Step 2 Connect the power supply to the router, plug the power supply into a power outlet, and turn on the router. See the router quick start guide for instructions.

Step 3 Use a terminal emulation program on your PC, with the terminal emulation settings 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to the router.

Step 4 At the prompt, enter the enable command, and enter the password cisco.

yourname> enable

Password: cisco